DevOps Lab: Run Your Own VPN Server
By Sudheer S
There are many applications and technologies enabled by VPN. We will focus on one of them in this post: client VPN.
Connecting To A Private Network
If the server you are trying to access is on a private network, you can use a VPN to connect to the network as if you were physically present on the same network. This can be useful if you need to access resources or devices that are only available on the private network.
The Scenario
You are the network and server administrator. You are sitting in a remote location. There is a database server present in a remote data center or cloud. The database server is placed on the private network with IP address 10.0.1.23.
The database server is not accessible from the Internet or other public networks. You are tasked with coming up with a solution to securely connect to the remote database server using VPN technology.
The Solution
You come up with the solution. You will place a VPN server with two network interfaces. One network interface will connect to the private network. The other network interface will connect to the public network. You will open the VPN ports on the public network interface. You will also create a private CA (Certificate Authority) server on the private network.
Steps
- On the VPN server and the CA server, install a Linux distribution such as Debian, Ubuntu or Rocky Linux.
- Install and configure the OpenVPN server on the VPN server.
- Install and configure the private CA server. Use the CA server to sign the user and server certificates.
- Create a certificate for yourself and sign it using the CA server.
- On your laptop, install the OpenVPN client. Import the signed certificate into your VPN client software. Connect to the VPN network.
- Once you are connected to the VPN, use the tunnel to connect to the remote database server sitting on the private network.
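The steps above, carried through as an added shell example that is not code from the original post. It drives the openssl CLI to build the private CA, sign one certificate for the VPN server and one for the user, check both the way OpenVPN's remote-cert-tls option does (a user certificate must not pass as a server certificate), and write the OpenVPN server and client configs. The names lab-vpn-ca, vpn-server and admin, the tunnel subnet 10.8.0.0/24, the private subnet 10.0.1.0/24 and the VPN_PUBLIC_IP placeholder are assumptions for the lab; the tls-crypt key is generated separately on the VPN server.

```shell
#!/bin/sh
# Added lab example, not code from the original post. Builds the private CA,
# signs the VPN server and user certificates, verifies them with the same
# purpose check OpenVPN's remote-cert-tls applies, and writes both configs.
# Constructed names: CA "lab-vpn-ca", server "vpn-server", user "admin";
# tunnel subnet 10.8.0.0/24 and private subnet 10.0.1.0/24 are assumptions.
set -eu

WORKDIR="${WORKDIR:-$(mktemp -d)}"
PRIVATE_NET="10.0.1.0 255.255.255.0"            # subnet holding 10.0.1.23
VPN_PUBLIC_IP="${VPN_PUBLIC_IP:-VPN_PUBLIC_IP_PLACEHOLDER}"  # placeholder

# Minimal req config so the example does not depend on the system openssl.cnf.
cat > "$WORKDIR/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = ca_ext
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

make_ca() {
  # Self-signed CA; ca.key stays on the CA server and never reaches the VPN host.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$WORKDIR/req.cnf" \
    -subj "/CN=lab-vpn-ca" -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" 2>/dev/null
}

issue_cert() {
  # $1 = common name, $2 = serverAuth (VPN server) or clientAuth (user).
  # Only the CSR travels to the CA; the private key stays where it was made.
  name=$1; eku=$2
  openssl req -new -newkey rsa:2048 -nodes -config "$WORKDIR/req.cnf" \
    -subj "/CN=$name" -keyout "$WORKDIR/$name.key" -out "$WORKDIR/$name.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=%s\n' \
    "$eku" > "$WORKDIR/$name.ext"
  openssl x509 -req -days 365 -in "$WORKDIR/$name.csr" -CA "$WORKDIR/ca.crt" \
    -CAkey "$WORKDIR/ca.key" -CAcreateserial -extfile "$WORKDIR/$name.ext" \
    -out "$WORKDIR/$name.crt" 2>/dev/null
}

verify_purpose() {
  # $1 = common name, $2 = sslserver or sslclient. Returns 0 only if the cert
  # chains to the lab CA and carries the matching extended key usage, which is
  # why a user cert cannot pose as the VPN server to another user.
  openssl verify -CAfile "$WORKDIR/ca.crt" -purpose "$2" "$WORKDIR/$1.crt" >/dev/null 2>&1
}

write_configs() {
  # ta.key is created on the VPN server with: openvpn --genkey secret ta.key
  cat > "$WORKDIR/server.conf" <<EOF
port 1194
proto udp
dev tun
ca ca.crt
cert vpn-server.crt
key vpn-server.key
dh none
tls-crypt ta.key
remote-cert-tls client
server 10.8.0.0 255.255.255.0
push "route $PRIVATE_NET"
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
verb 3
EOF
  cat > "$WORKDIR/admin.ovpn" <<EOF
client
dev tun
proto udp
remote $VPN_PUBLIC_IP 1194
remote-cert-tls server
ca ca.crt
cert admin.crt
key admin.key
tls-crypt ta.key
nobind
persist-key
persist-tun
verb 3
EOF
}

make_ca
issue_cert vpn-server serverAuth
issue_cert admin clientAuth
write_configs
echo "lab PKI and configs written to $WORKDIR"
```

Run it on the CA VM. Copy ca.crt, vpn-server.crt and vpn-server.key to the VPN server, and ca.crt, admin.crt, admin.key and admin.ovpn to the laptop; ca.key never leaves the CA host, which is the reason the CA sits on the private subnet rather than next to the public interface. The server still needs IP forwarding enabled and the private subnet needs a route back to 10.8.0.0/24 (or NAT on the VPN server) before 10.0.1.23 can answer through the tunnel.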
Simulation On Virtual Machines
You can simulate this scenario using virtual machines on your laptop. Create four VM guests:
- User or administrator’s device
- Database server
- VPN server
- CA server
IaC It
Once the local simulation works, use an IaC (infrastructure as code) tool such as Ansible to orchestrate the VPN service.
Try It On The Cloud
- In the cloud VPC, create two subnets: a) private b) public
- On the public subnet place the VPN server
- On the private subnet place the database and CA server
- Install and configure VPN service on the VPN server
- Connect to the VPN server using your signed certificate
- Connect to the database server using the VPN tunnel
Beyond OpenVPN
Explore other VPN solutions and technologies such as IPsec, Libreswan, WireGuard, etc.